Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/O_IVYbBIRSj4JMksqxNIVfLvTAI.roa
File: O_IVYbBIRSj4JMksqxNIVfLvTAI.roa (raw, json)
Hash identifier: i1Tc8cPIkcnW2K1mCCNeMm6k1jSUi4JvxiHO2xO26ho=
Subject key identifier: 3B:F2:15:61:B0:48:45:28:F8:24:C9:2C:AB:13:48:55:F2:EF:4C:02
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 018573E8614243DEE6342CF6650D8C4D983B
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/O_IVYbBIRSj4JMksqxNIVfLvTAI.roa
Signing time: Mon 02 Jan 2023 19:14:46 +0000
ROA not before: Mon 02 Jan 2023 19:14:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208801
IP address blocks: 217.168.246.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:e8:61:42:43:de:e6:34:2c:f6:65:0d:8c:4d:98:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jan 2 19:14:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3bf21561b0484528f824c92cab134855f2ef4c02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:e9:52:b2:9e:ba:8e:94:79:ec:38:cb:44:f2:
fd:59:36:e6:a3:17:65:7c:bb:bf:e6:1f:ef:d1:73:
37:a7:a3:2a:ec:5b:66:e6:11:fc:04:18:84:27:9b:
13:b7:25:07:65:98:d3:07:87:6d:73:52:e1:9b:69:
a8:e4:19:a1:ea:65:a4:2f:54:81:bd:a1:cd:ca:ee:
94:79:46:fd:79:b3:5b:e2:c9:13:24:a5:d8:88:de:
90:f7:64:66:b8:98:39:c2:3d:08:7a:af:1e:c7:31:
1c:ed:ae:85:d2:ed:f9:61:5d:af:c6:12:31:31:44:
4f:fc:b0:11:35:e4:c6:2f:d5:94:31:7a:fd:ff:ef:
15:66:c0:e2:fc:c9:5d:41:f6:41:cb:06:9b:81:a4:
73:e3:93:b0:2d:71:fd:fc:8a:f0:dd:71:55:31:7e:
2f:6d:16:7a:cb:c0:1b:25:f8:9f:d8:9a:7b:20:fc:
56:69:0a:95:99:47:c4:71:1c:d9:6b:41:e5:f6:87:
49:1f:6d:3d:07:90:1c:f5:a1:1a:cf:c9:8b:4c:61:
56:22:46:63:92:b2:92:5d:1e:3a:91:5a:dc:b0:2a:
cf:bc:a9:3d:a2:ac:34:79:f8:9e:ed:40:2e:b3:b7:
2d:5a:7b:59:5c:a9:eb:84:8c:3f:38:3c:4d:b4:65:
54:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:F2:15:61:B0:48:45:28:F8:24:C9:2C:AB:13:48:55:F2:EF:4C:02
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/O_IVYbBIRSj4JMksqxNIVfLvTAI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.168.246.0/24
Signature Algorithm: sha256WithRSAEncryption
88:46:f5:77:1d:24:ce:60:8f:33:f7:8b:77:f6:87:8d:76:64:
88:b2:56:58:96:19:6a:b9:fe:93:01:02:8b:7c:4f:6b:85:b8:
18:36:11:17:64:2e:68:a4:c8:1c:76:ae:82:ac:45:88:ec:4a:
1b:0c:5c:49:0d:1e:29:d9:ad:62:be:50:c6:f7:70:21:27:fa:
74:a0:bb:d2:4c:69:fa:e4:73:c6:7e:e0:59:0a:61:14:90:ab:
09:64:e3:d6:da:b8:14:1f:a7:2f:72:d2:a2:b6:3c:13:c8:2b:
00:71:7c:6b:96:e6:07:90:ac:c9:40:87:3a:3d:e4:f8:84:bf:
0c:87:cc:a1:1a:13:17:cc:03:e9:f5:c0:cb:dd:be:76:e3:80:
25:e7:ba:39:47:04:34:fd:54:34:4a:f4:22:55:a3:6d:35:2d:
69:62:4c:97:2a:fb:c4:ed:bc:93:25:0a:8d:bf:82:0c:18:ed:
d5:9d:8d:66:6f:a9:50:f4:19:cb:72:cd:c2:f1:24:21:eb:b4:
af:9c:ab:49:8f:ae:51:19:e8:6b:18:37:be:b2:6f:53:d5:97:
ea:9a:bd:f8:51:14:18:11:fd:ad:2c:84:d2:a2:35:8e:ec:22:
4a:16:dc:5b:b4:a4:b6:69:65:2b:6a:25:86:1d:9e:03:5a:5e:
c1:64:4c:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVz6GFCQ97mNCz2ZQ2MTZg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjMwMTAyMTkxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmYyMTU2MWIwNDg0NTI4ZjgyNGM5MmNhYjEzNDg1NWYyZWY0YzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+lSsp66jpR57DjLRPL9WTbmoxdl
fLu/5h/v0XM3p6Mq7Ftm5hH8BBiEJ5sTtyUHZZjTB4dtc1Lhm2mo5Bmh6mWkL1SB
vaHNyu6UeUb9ebNb4skTJKXYiN6Q92RmuJg5wj0Ieq8exzEc7a6F0u35YV2vxhIx
MURP/LARNeTGL9WUMXr9/+8VZsDi/MldQfZBywabgaRz45OwLXH9/Irw3XFVMX4v
bRZ6y8AbJfif2Jp7IPxWaQqVmUfEcRzZa0Hl9odJH209B5Ac9aEaz8mLTGFWIkZj
krKSXR46kVrcsCrPvKk9oqw0efie7UAus7ctWntZXKnrhIw/ODxNtGVUnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvyFWGwSEUo+CTJLKsTSFXy70wCMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvT19JVlliQklSU2o0Sk1rc3F4TklWZkx2VEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2aj2MA0G
CSqGSIb3DQEBCwUAA4IBAQCIRvV3HSTOYI8z94t39oeNdmSIslZYlhlquf6TAQKL
fE9rhbgYNhEXZC5opMgcdq6CrEWI7EobDFxJDR4p2a1ivlDG93AhJ/p0oLvSTGn6
5HPGfuBZCmEUkKsJZOPW2rgUH6cvctKitjwTyCsAcXxrluYHkKzJQIc6PeT4hL8M
h8yhGhMXzAPp9cDL3b5244Al57o5RwQ0/VQ0SvQiVaNtNS1pYkyXKvvE7byTJQqN
v4IMGO3VnY1mb6lQ9BnLcs3C8SQh67SvnKtJj65RGehrGDe+sm9T1Zfqmr34URQY
Ef2tLITSojWO7CJKFtxbtKS2aWUraiWGHZ4DWl7BZExB
-----END CERTIFICATE-----
Generated at Mon May 12 22:04:23 2025 by rpki-client